With my very limited experience in gaining sys access via various apps it seems the following is true but please comment on any points:

Conditions: All the following assume no ip restrictions and are open for dual token (usr/pwd) access with no crypto. Also that you have not root'd the machine.

FTP Access, unless you're using a packet sniffer and catching the cleartext pwd, ftp is too slow in response to try a brute force and unless the admin used an actual word, a dictionary access is a waste of time. Comments?

Telnet Access, same as above.

HTTP Basic Auth. Access, 10 times the number of auth req. for each ftp req., i.e. much faster for dictionary or brute force access. But like ftp/telnet if the admin used a strong pwd it takes too long without reading the cleartext data.

As of this post, I have a test running using a good usr name and alpha/numeric pwd with no special characters. So all it needs is the password since I gave it a correct usrname. Still running at over 5 hours with under 600K pwd combinations. The password is just 8 characters long (since I made it).

I have not tested sites that used java for security via pwd/usr since I don't know the config of the site. Any Comments?

SSH Access, since most/all use crypto I don't bother. Same for digest auth for http. Crypto is not my thing.

The thing to watch out for is any sort of "lockout" policy. This could occur with any of the methods you described, including, if I understood correctly, the java application. If anything, I would say brute-forcing a custom built java application may attract less attention, unless the company / developer that built it has lots of time / money to devote to the project.

Why?

In a rush to meet a deadline, critical security features like lockout policy are often put to the side.

One of my favourite ways to obtain access to some sites is SQL injection. You can fool vulnerable systems into letting you in as you re-write the SQL query that checks the username and password combination.
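For anyone running a login service, the "lockout" policy mentioned in the reply above can be sketched as a sliding-window failure counter. This is an added example, not code from any poster in this thread; the thresholds, the per-account keying and the event tuples are constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed policy values for illustration, not taken from any real product.
MAX_FAILURES = 5       # failures allowed inside the window
WINDOW_SECONDS = 300   # how far back failures are counted
LOCKOUT_SECONDS = 900  # how long the account stays locked


class LockoutTracker:
    """Per-account lockout: N failures within a window lock the account."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS,
                 lockout=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(deque)  # account -> failure timestamps
        self.locked_until = {}              # account -> unlock timestamp

    def record(self, account, success, now):
        """Process one login attempt; return 'ok', 'failed' or 'locked'."""
        if self.locked_until.get(account, 0) > now:
            return "locked"  # rejected even if the password was correct
        recent = self.failures[account]
        while recent and now - recent[0] > self.window:
            recent.popleft()  # forget failures older than the window
        if success:
            recent.clear()
            return "ok"
        recent.append(now)
        if len(recent) >= self.max_failures:
            self.locked_until[account] = now + self.lockout
            recent.clear()
            return "locked"
        return "failed"


def replay(events, tracker=None):
    """Run (timestamp, account, success) tuples through a tracker."""
    tracker = tracker or LockoutTracker()
    return [tracker.record(acct, ok, ts) for ts, acct, ok in events]


# Constructed sample: five quick failures, a correct password during the
# lock, then a correct password after the lock has expired.
SAMPLE_EVENTS = [(0, "alice", False), (10, "alice", False),
                 (20, "alice", False), (30, "alice", False),
                 (40, "alice", False), (50, "alice", True),
                 (941, "alice", True)]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

Locking per account lets anyone lock out a known user name, so real deployments often also throttle per source address or add increasing delays.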

Agree with you on all of the points fastlanwan. If I found a sys with unfiltered ports I would try the obvious user/passwords; if they don't work I would just leave it. (Unless there are some really easy holes, NetBIOS, NFS shares etc.)

The best way is if you have huge amounts of info at hand, about the target system/company/workers... and then you can make educated attempts at exploits/vulnerabilities user/password combos...

I guess it boils down to how bad you want access to the system, then you have a reason to keep knocking on the door... (Kinda like programming, as I'm finding out... )

I read a file somewhere on gaining access to the system through unicode vulnerability in IIS. How does this work exactly?
What I got out of it is that once you can send commands through the URL bar as query string you are able to create a batch file in DOS. And then make it connect to your system, on your system you have to be running netcat (I think) and in a certain mode that when computers connect to you it lets you open a program on their computer. So after you would execute the script through unicode the server would connect to you and you would get access to their MS-DOS virtual machine. Is this possible or like what? Looking for some feedback.

Yes, the way NIMDA spread is through using different UNICODE vulnerabilities in IIS servers, the UNICODE just fools the webserver not to show them C:\wwwroot but C:\ So you can access DOS and screw them over! I believe where you read that is new order?